An encryption algorithm with a suspected NSA-designed backdoor has been declared insecure by the developer after years of extensive use by customers worldwide, including the US federal agencies and government entities.

Major US computer security company RSA Security, a division of
EMC, has privately warned thousands of its customers on Thursday
to immediately discontinue using all versions of company's BSAFE
toolkit and Data Protection Manager (DPM), both using
Dual_EC_DRNG (Dual Elliptic Curve Deterministic Random Bit
Generator) encryption algorithm to protect sensitive data.

“To ensure a high level of assurance in their application, RSA
strongly recommends that customers discontinue use of
Dual_EC_DRNG [cryptographic keys generator] and move to a
different PRNG [Pseudo-random Number Generator],”
warned RSA’s letter, as quoted by The Wall Street Journal.

In the letter the RSA provided BSAFE Toolkits and DPM customers
with a link to technical guidance to change the PRNG settings in
their products and promised to update the algorithm library.

The letter does not mention RSA’s flagship SecurID tokens, used
by millions of employees around the world to get secure access to
their corporate networks.

In 2006, the US National Institute of Standards and Technology
(NIST) followed by the International Organization for
Standardization officially endorsed Dual_EC_DRNG, so encryption
software base on it was used for years by both private sector and
US government agencies.

Last week the New York Times published new revelations by former
National Security Agency contractor Edward Snowden, exposing that
crucial encryption algorithm of certain US-developed security
software is based on weak mathematical formula intentionally
crippled to facilitate NSA access to encrypted dataflow.

On Wednesday, ArsTechnica media outlet sent an inquiry to RSA on
whether it is going to alert its customers that company’s BSAFE
product operates a “deliberately crippled pseudo random number
generator (PRNG), which is so weak that it undermines the
security of most or all cryptography systems that use it.”

A mere 24 hours after that notification, the RSA issued an
advisory to stop using compromised software.

The RSA letter never mentions the NSA, although “due to the
debate around the Dual_EC_DRNG standard” the company invites
experts to take part in recently reopened public expertise of SP
800-90 security standard by the National Institute of Standards
and Technology (NIST).

According to NIST the RSA’s Dual_EC_DRNG tool is used in dozens
of third-party products that implement cryptographic functions,
such as McAfee Firewall Enterprise Control Center.

Which means that all of them are also using ‘corrected’ random
number generator with implanted backdoor used by the NSA; but as
ArsTechnica suspects – not only the NSA anymore.

ArsTechnica claims that an “untold number” of third-party
products “may be bypassed not only by advanced intelligence
agencies, but possibly by other adversaries who have the
resources to carry out attacks.” Specially-designed
hardware using a simple trial and error method can relatively
quickly go through possible keys until the correct one is
generated.

What is more significant, ArsTechnica warns, is that the BSAFE
tool is the default RNG in a "large number of derivative
crypto systems that are highly susceptible to being broken.”

Cryptography experts did not approve of the NIST’s decision to
choose Dual_EC_DRNG as major encrypting tool from the very
beginning and for years speculated over its sluggish performance
and the ‘discrete logarithm’ mathematical basis.

But a person familiar with the process told Reuters that NIST
accepted Dual_EC_DRNG in the first place because many US
government agencies were already using it.

As Professor Mathew Green, a cryptographer at Johns Hopkins
University, claims in his latest publication, when NIST embraced
Dual_EC_DRNG, the tool had no security proof.

Last week Professor Green told RT that the “NSA has
a hard time breaking encryptions, so what they’ve done is they
actually tried to take the products that perform encryptions and
make them worse, make it weaker so it is easier for them to break
that encryption.”

“[The] NSA is willing to make the US security a little bit
weaker,” Green said.

Just this week Symantec computer security experts maintained
they’ve identified an elite group of Chinese hackers who have targeted the systems of US
major technology companies like Adobe, Dow Chemical, Google,
Northrup Grumman, Yahoo and even Symantec itself since at least
2009.

Earlier in 2013, the NSA was exposed as an agency that enjoyed global
internet data flow control for years, using its behemoth PRISM
surveillance program along with other costly projects. But
despite practically limitless web control capabilities, the
agency failed to prevent foreign IT experts, particularly from
China, performing high-profile hacks of
American companies and other entities.